Email security

A recent post by Clusir Tahiti (Information Security Club Region Tahiti) invites me to write on the same issue.

I’ve already written about the ‘sensitive’ information we too easily send via email without paying much attention. I have to come back to the fundamental principle of “Need to Know”, which proposes transferring information (or data) only to those who really need it to answer your needs and desires or – for teachers of all sorts – to those who need to know.

I’ve already spoken about the usurpation of mailboxes, by which malevolent persons try to get money from you by making you believe that you’ll be helping your contact out of a bad situation.

But there are other emails the Clusir has cited.

Spam

We all know these unsolicited emails that offer you services or products (frequently ‘miracle’ medicines) that are always counterfeit.
For the services, you have to pay first and, at best, they don’t bring you anything worthwhile … and you lose your money.
For the medicines, you put your life in danger. At best they don’t meet the quality criteria of the official chain.
For the products, we can be sued – and condemned – just for possessing them.

Scam

According to Wikipedia, these are “emails sent by crooks wanting to take information or money from you”.
These emails inform you that you’ve won or can get a large amount of money. You first have to write to a lawyer (in Africa), deposit a certain sum to identify yourself and agree to give a big part of your gain to ‘charities’.

Advice: Don’t answer, and delete the email (block the sender and mark these mails as “undesired”) so that your computer will reject them or won’t show them to you.

Phishing

These emails perfectly mimic the ‘official’ sites of your bank, your ISP or the host of your mailbox. They ask for your identifier and password, or for the secret question used to request new ones.

In fact, these organisations NEVER ask these questions.

Advice: Don’t answer and erase the email.

Chains

It’s the modern version of the chain letters from your childhood (for those who have known at least a part of the ’30 glorious’). You are supposed to send the letter to at least ten contacts, either to win a psychological advantage or victory (astrology-like) or to avoid illness or negative events.

Your victories or misses are only the result of your own concrete actions, not the effect of any secret or magical power.

Advice: Do what you want, but don’t spam your contacts who will consider you as too easily swayed.

To this list, I’d add…

Hoaxes

These messages are close to the chains. They spread speculation, predictions or gossip concerning viruses, people or events that are mostly fictitious.
These messages can set off movements (frequently called ‘viral’ if they spread rapidly) whose consequences aren’t always desirable.

Advice: Use your good judgement and filter what you forward. Also, carefully select the – limited – number of contacts to whom you send these emails.

Dubious mails

Generally, these emails seem to come from trusted addresses or contacts. What should draw your attention is the subject (the title of the message), its content or its ‘style’. If they don’t fit the person you know, you are probably facing a ‘rotten’ email.

It’s not too difficult to impersonate a mailbox – but it’s tougher than ‘dubbing’ a fixed telephone line.

Advice: Think twice before opening the attachments or clicking on the hyperlinks. In case of doubt, send an email (but don’t respond to the dubious email) to its supposed sender to question him on the issue. It’s better to sound fearful than to open Pandora’s box and let the whole fauna of cyber-pirates in.

A big part of the housework is done by now. What’s left is to separate what’s really important from what’s worthless. But that’s your business.

Have you already suffered from these “unsolicited” emails? To what extent did they spoil your life?